{% set pypi_name = 'barbican' %}
{% set source = fetch_source('https://tarballs.openstack.org/barbican/barbican-master.tar.gz') %}
{% set upstream_version = upstream_version() %}
{% set rpm_release = '1' %}
%global with_doc 1
%if 0%{?rhel} || 0%{?fedora}
%global rdo 1
%endif
Name:           {{ py2name() }}
Version:        {{ py2rpmversion() }}
Release:        {{ py2rpmrelease() }}
Summary:        OpenStack key and secrets management (Barbican)
License:        {{ license('Apache-2.0') }}
URL:            https://docs.openstack.org/barbican/latest/
Source0:        {{ source|basename }}
Source1:        openstack-barbican.logrotate
Source2:        openstack-barbican.tmpfiles
Source3:        openstack-barbican.defaultconf
Source4:        openstack-barbican.README.config
Source5:        barbican-wsgi.conf
# systemd service files
Source10:       openstack-barbican-worker.service
Source11:       openstack-barbican-keystone-listener.service
Source12:       openstack-barbican-retry.service
BuildRequires:  openstack-macros
BuildRequires:  {{ py3('Babel') }}
BuildRequires:  {{ py3('Paste') }}
BuildRequires:  {{ py3('PasteDeploy') }}
BuildRequires:  {{ py3('PyKMIP') }}
BuildRequires:  {{ py3('SQLAlchemy') }}
BuildRequires:  {{ py3('WebOb') }}
BuildRequires:  {{ py3('castellan') }}
BuildRequires:  {{ py3('ddt') }}
BuildRequires:  {{ py3('eventlet') }}
BuildRequires:  {{ py3('fixtures') }}
BuildRequires:  {{ py3('jsonschema') }}
BuildRequires:  {{ py3('ldap3') }}
BuildRequires:  {{ py3('mock') }}
BuildRequires:  {{ py3('neutronclient') }}
BuildRequires:  {{ py3('oslo.concurrency') }}
BuildRequires:  {{ py3('oslo.config') }}
BuildRequires:  {{ py3('oslo.db') }}
BuildRequires:  {{ py3('oslo.i18n') }}
BuildRequires:  {{ py3('oslo.log') }}
BuildRequires:  {{ py3('oslo.messaging') }}
BuildRequires:  {{ py3('oslo.policy') }}
BuildRequires:  {{ py3('oslo.utils') }}
BuildRequires:  {{ py3('oslo.versionedobjects') }}
BuildRequires:  {{ py3('oslotest') }}
BuildRequires:  {{ py3('pbr') }}
BuildRequires:  {{ py3('pecan') }}
BuildRequires:  {{ py3('pyOpenSSL') }}
BuildRequires:  {{ py3('six') }}
BuildRequires:  {{ py3('stestr') }}
BuildRequires:  {{ py3('stevedore') }}
BuildRequires:  {{ py3('testtools') }}
Requires:       logrotate
Requires:       python3-barbican = %{version}-%{release}
BuildArch:      noarch
%if 0%{?suse_version}
BuildRequires:  systemd-rpm-macros
Requires(pre):  pwdutils
%{?systemd_requires}
%else
BuildRequires:  systemd
Requires(post): systemd
Requires(postun): systemd
Requires(pre):  shadow-utils
Requires(preun): systemd
%endif

%description
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.

%package -n python3-{{ pypi_name }}
Summary:        OpenStack key and secrets management (Barbican) - Python module
Group:          Development/Languages/Python
Requires:       {{ py3('Babel') }}
Requires:       {{ py3('Paste') }}
Requires:       {{ py3('PasteDeploy') }}
Requires:       {{ py3('PyKMIP') }}
Requires:       {{ py3('Pygments') }}
Requires:       {{ py3('SQLAlchemy') }}
Requires:       {{ py3('WebOb') }}
Requires:       {{ py3('alembic') }}
Requires:       {{ py3('castellan') }}
Requires:       {{ py3('cffi') }}
Requires:       {{ py3('cryptography') }}
Requires:       {{ py3('eventlet') }}
Requires:       {{ py3('jsonschema') }}
Requires:       {{ py3('keystoneclient') }}
Requires:       {{ py3('keystonemiddleware') }}
Requires:       {{ py3('ldap3') }}
Requires:       {{ py3('oslo.config') }}
Requires:       {{ py3('oslo.context') }}
Requires:       {{ py3('oslo.db') }}
Requires:       {{ py3('oslo.i18n') }}
Requires:       {{ py3('oslo.log') }}
Requires:       {{ py3('oslo.messaging') }}
Requires:       {{ py3('oslo.middleware') }}
Requires:       {{ py3('oslo.policy') }}
Requires:       {{ py3('oslo.serialization') }}
Requires:       {{ py3('oslo.service') }}
Requires:       {{ py3('oslo.upgradecheck') }}
Requires:       {{ py3('oslo.utils') }}
Requires:       {{ py3('oslo.versionedobjects') }}
Requires:       {{ py3('pbr') }}
Requires:       {{ py3('pecan') }}
Requires:       {{ py3('pyOpenSSL') }}
Requires:       {{ py3('requests') }}
Requires:       {{ py3('six') }}
Requires:       {{ py3('stevedore') }}

%description -n python3-{{ pypi_name }}
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.

This package contains the core Python module of OpenStack Barbican.

%package api
Summary:        OpenStack key and secret management (Barbican) - API
Group:          Development/Languages/Python
Requires:       %{name} = %{version}-%{release}

%description api
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.
This package contains the OpenStack Barbican API (WSGI only).

%package worker
Summary:        OpenStack key and secret management (Barbican) - Worker
Group:          Development/Languages/Python
Requires:       %{name} = %{version}-%{release}

%description worker
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.
This package contains the OpenStack Barbican Worker service.

%package keystone-listener
Summary:        OpenStack key and secret management (Barbican) - keystone listener
Group:          Development/Languages/Python
Requires:       %{name} = %{version}-%{release}

%description keystone-listener
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.
This package contains the OpenStack Barbican Keystone Listener service.

%package retry
Summary:        OpenStack key and secret management (Barbican) - Retry Scheduler
Group:          Development/Languages/Python
Requires:       %{name} = %{version}-%{release}

%description retry
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.
This package contains the OpenStack Barbican Retry Scheduler service.

%if 0%{?with_doc}
%package doc
Summary:        OpenStack key and secret management (Barbican) - Documentation
Group:          Documentation/HTML
BuildRequires:  {{ py3('Sphinx') }}
BuildRequires:  {{ py3('openstackdocstheme') }}
BuildRequires:  {{ py3('sphinxcontrib-svg2pdfconverter') }}

%description doc
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.

This package contains documentation.
%endif

%prep
%autosetup -p1 -n {{ pypi_name }}-{{ upstream_version }}
%py_req_cleanup

%build
%{py3_build}
# doc
%if 0%{?with_doc}
PYTHONPATH=. PBR_VERSION={{ upstream_version }} %sphinx_build -b html doc/source doc/build/html
PYTHONPATH=. PBR_VERSION={{ upstream_version }} %sphinx_build -b man doc/source doc/build/man
# remove the Sphinx-build leftovers
rm -rf doc/build/html/.{doctrees,buildinfo}
rm -rf doc/build/man/.{doctrees,buildinfo}
%endif

### configuration file generation
PYTHONPATH=. oslo-config-generator --config-file etc/oslo-config-generator/barbican.conf --output-file etc/barbican.conf.sample
PYTHONPATH=. oslopolicy-sample-generator --config-file=etc/oslo-config-generator/policy.conf

%install
%{py3_install}

### directories
install -d -m 750 %{buildroot}%{_localstatedir}/{lib,log}/barbican
install -d -m 750 %{buildroot}%{_localstatedir}/cache/barbican
install -D -m 644 %{SOURCE2} %{buildroot}/%{_tmpfilesdir}/barbican.conf
install -d -m 755 %{buildroot}%{_sysconfdir}/barbican
install -d -m 755 %{buildroot}%{_datadir}/barbican
install -d -m 755 %{buildroot}%{_sysconfdir}/barbican/barbican.conf.d/
install -p -D -m 640 %{SOURCE4} %{buildroot}%{_sysconfdir}/barbican/README.config

### configuration files
install -p -D -m 644 etc/barbican.conf.sample %{buildroot}%{_sysconfdir}/barbican/barbican.conf
install -p -D -m 640 etc/barbican/policy.yaml.sample %{buildroot}%{_sysconfdir}/barbican/policy.yaml
install -p -D -m 644  etc/barbican/{barbican-functional.conf,api_audit_map.conf} %{buildroot}%{_sysconfdir}/barbican/
mv %{buildroot}/%{_prefix}/%{_sysconfdir}/barbican/barbican-api-paste.ini %{buildroot}%{_sysconfdir}/barbican/

### default configuration
install -D -m 640 %{SOURCE3} %{buildroot}/%{_sysconfdir}/barbican/barbican.conf.d/010-barbican.conf

# bash-completion/logrotate/etc.
install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/barbican

# Install systemd unit services
mkdir -p %{buildroot}%{_sbindir} %{buildroot}%{_unitdir}
install -p -D -m 444 %{SOURCE10} %{buildroot}%{_unitdir}/%{name}-worker.service
install -p -D -m 444 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}-keystone-listener.service
install -p -D -m 444 %{SOURCE12} %{buildroot}%{_unitdir}/%{name}-retry.service
%if 0%{?suse_version}
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-worker
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-keystone-listener
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-retry
%endif

# Install apache configuration files
install -p -D -m 644 %{SOURCE5}  %{buildroot}%{_datadir}/barbican/

# man pages
%if 0%{?with_doc}
mkdir -p %{buildroot}%{_mandir}/man1
install -p -D -m 644 doc/build/man/*.1 %{buildroot}%{_mandir}/man1/
%endif

%check
# don't want to depend on hacking for package building
rm barbican/tests/test_hacking.py

%if 0%{?suse_version}
PYTHON=python3 stestr run
%endif
%if 0%{?rdo}
stestr-3 run
%endif

%pre
%openstack_pre_user_group_create barbican barbican /sbin/nologin
exit 0

%post
%tmpfiles_create %{_tmpfilesdir}/barbican.conf

%post worker
%systemd_post %{name}-worker.service

%preun worker
%systemd_preun %{name}-worker.service

%postun worker
%systemd_postun %{name}-worker.service

%post keystone-listener
%systemd_post %{name}-keystone-listener.service

%preun keystone-listener
%systemd_preun %{name}-keystone-listener.service

%postun keystone-listener
%systemd_postun %{name}-keystone-listener.service

%post retry
%systemd_post %{name}-retry.service

%preun retry
%systemd_preun %{name}-retry.service

%postun retry
%systemd_postun %{name}-retry.service

%files
%license LICENSE
%dir %attr(0750, barbican, barbican) %{_localstatedir}/lib/barbican
%dir %attr(0750, barbican, barbican) %{_localstatedir}/cache/barbican
%dir %attr(0750, barbican, barbican) %{_localstatedir}/log/barbican
%_tmpfilesdir/barbican.conf
%dir %{_datadir}/barbican
%dir %{_sysconfdir}/barbican
%dir %{_sysconfdir}/barbican/barbican.conf.d/
%{_sysconfdir}/barbican/README.config
%config(noreplace) %{_sysconfdir}/logrotate.d/barbican
%config %attr(0644, root, barbican) %{_sysconfdir}/barbican/barbican-functional.conf
%config(noreplace) %attr(0640, root, barbican) %{_sysconfdir}/barbican/barbican.conf
%config(noreplace) %attr(0640, root, barbican) %{_sysconfdir}/barbican/barbican.conf.d/010-barbican.conf
%config %attr(0640, root, barbican) %{_sysconfdir}/barbican/policy.yaml
%attr(0644, root, barbican) %{_datadir}/barbican/barbican-wsgi.conf
%{_bindir}/barbican-manage
%{_bindir}/barbican-status
%{_bindir}/barbican-db-manage
%{_bindir}/pkcs11-kek-rewrap
%{_bindir}/pkcs11-key-generation
%if 0%{?with_doc}
%{_mandir}/man1/barbican.1.gz
%endif

%files -n python3-barbican
%license LICENSE
%{python3_sitelib}/barbican/
%{python3_sitelib}/barbican-*.egg-info

%files api
%defattr(-,root,root,-)
%license LICENSE
%{_bindir}/barbican-wsgi-api
%config %attr(0644, root, barbican) %{_sysconfdir}/barbican/api_audit_map.conf
%config %attr(0640, root, barbican) %{_sysconfdir}/barbican/barbican-api-paste.ini

%files worker
%defattr(-,root,root,-)
%license LICENSE
%{_unitdir}/%{name}-worker.service
%{_bindir}/barbican-worker
%if 0%{?suse_version}
%{_sbindir}/rc%{name}-worker
%endif

%files keystone-listener
%license LICENSE
%{_unitdir}/%{name}-keystone-listener.service
%{_bindir}/barbican-keystone-listener
%if 0%{?suse_version}
%{_sbindir}/rc%{name}-keystone-listener
%endif

%files retry
%license LICENSE
%{_unitdir}/%{name}-retry.service
%{_bindir}/barbican-retry
%if 0%{?suse_version}
%{_sbindir}/rc%{name}-retry
%endif

%if 0%{?with_doc}
%files doc
%license LICENSE
%doc doc/build/html
%endif

%changelog
